
Bug#594175: Bug#712859: Bug#594175: openssh-server: support generation of ssh host keys in init script



Hi,
On Wed, Sep 19, 2018 at 11:38:59AM -0400, Simon Deziel wrote:
> On 2018-09-19 05:18 AM, Guido Günther wrote:
> > Hi,
> > On Wed, Jan 10, 2018 at 10:36:51AM +0100, Guido Günther wrote:
> >> Hi,
> >> On Wed, Jul 13, 2016 at 10:27:11AM +0200, Guido Günther wrote:
> >>> On Tue, Aug 24, 2010 at 12:23:52PM +0200, Michael Prokop wrote:
> >>>> Package: openssh-server
> >>>> Version: 1:5.5p1-4
> >>>> Severity: wishlist
> >>>>
> >>>>
> >>>> I mentioned this issue in my talk "State of Debian (based) Linux
> >>>> live systems in 2010" at Debconf10. Colin suggested to talk about
> >>>> it later on, so I'm reporting this as a wishlist item.
> >>>>
> >>>> It would be nice if the sshd init script would support generation of
> >>>> ssh host keys - iff there aren't any keys present yet.
> >>>>
> >>>> The (main) use case for this feature is live systems where you
> >>>> usually don't want to ship pre-generated keys on one hand, on the
> >>>> other hand not everyone wants to generate the host keys
> >>>> automatically on each boot (consuming time and resources).
> >>>>
> >>>> Taking care of key generation as someone invokes '/etc/init.d/ssh
> >>>> start' works fine for the Grml live systems and its users. What
> >>>> we're doing is something as simple as:
> >>>>
> >>>> ,---- [ relevant snippet of Grml's ssh initscript ]
> >>>> | RSA1_KEY=/etc/ssh/ssh_host_key
> >>>> | RSA_KEY=/etc/ssh/ssh_host_rsa_key
> >>>> | DSA_KEY=/etc/ssh/ssh_host_dsa_key
> >>>> |
> >>>> | case "$1" in
> >>>> |  start)
> >>>> | [...]
> >>>> |       if ! test -f $RSA1_KEY ; then
> >>>> |          log_action_msg "Generating SSH1 RSA host key..."
> >>>> |          $KEYGEN -t rsa1 -f $RSA1_KEY -C '' -N '' || exit 1
> >>>> |       fi
> >>>> |
> >>>> |       if ! test -f $RSA_KEY ; then
> >>>> |          log_action_msg "Generating SSH RSA host key..."
> >>>> |          $KEYGEN -t rsa -f $RSA_KEY -C '' -N '' || exit 1
> >>>> |       fi
> >>>> |
> >>>> |       if ! test -f $DSA_KEY ; then
> >>>> |          log_action_msg "Generating SSH2 DSA host key..."
> >>>> |          $KEYGEN -t dsa -f $DSA_KEY -C '' -N '' || exit 1
> >>>> |       fi
> >>>> | [...]
> >>>> `----
> >>>>
> >>>> Would be great if that feature would be available in Debian/Ubuntu
> >>>> based (live) systems as well. :)
> >>>
> >>> I wonder if we should just create an openssh-host-keys package that ships
> >>> a systemd unit/init script to create the keys (as (I think it was
> >>> Christian) suggested at debconf).
> >>>
> >>> This just came up here as well
> >>>
> >>>     https://www.redhat.com/archives/libguestfs/2016-July/msg00090.html
> >>>
> >>
> >> Michael, is grml working around this somehow? If so, can you attach a
> >> link?
> > 
> > I have moved things into a Debian package now:
> > 
> >     https://source.puri.sm/Librem5/gen-sshd-host-keys
> 
> Have you tried "ssh-keygen -A" ? I believe it would be the simplest way
> to generate the missing host keys.

I want to only generate the ones enabled in sshd_config (similar to what
sshd's postinst does).

Cheers,
 -- Guido
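
The approach described in the reply above (create only the host keys that sshd_config enables, and only when they are missing), as an added example that is not part of the original message and is neither Debian's postinst nor the gen-sshd-host-keys code. `SSH_DIR`, the function names and the `--run` switch are assumptions made for this illustration; the fallback list is sshd's documented default `HostKey` set.

```shell
#!/bin/sh
KEYGEN=${KEYGEN:-ssh-keygen}   # overridable, like $KEYGEN in the quoted initscript
SSH_DIR=${SSH_DIR:-/etc/ssh}   # assumed location of the default keys

# Print the HostKey paths set in config file $1, one per line. Assumptions:
# "HostKey <path>" form only, no quoted paths, Include files are not followed.
required_host_keys() {
    keys=$(awk 'tolower($1) == "hostkey" { print $2 }' "$1")
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys"
    else
        # No HostKey directive at all: sshd falls back to its default set.
        printf '%s\n' "$SSH_DIR/ssh_host_rsa_key" \
            "$SSH_DIR/ssh_host_ecdsa_key" "$SSH_DIR/ssh_host_ed25519_key"
    fi
}

# Map a conventional host key file name to an ssh-keygen -t argument.
host_key_type() {
    case ${1##*/} in
        ssh_host_rsa_key)     echo rsa ;;
        ssh_host_ecdsa_key)   echo ecdsa ;;
        ssh_host_ed25519_key) echo ed25519 ;;
        *) return 1 ;;   # unknown name: the caller skips it rather than guessing
    esac
}

# Create every configured key that is missing and print its path. Existing
# keys are never replaced, so the host's identity stays stable across boots.
generate_missing_host_keys() {
    for key in $(required_host_keys "$1"); do
        if [ -e "$key" ]; then continue; fi
        if ! ktype=$(host_key_type "$key"); then
            echo "skipping $key: cannot infer key type" >&2
            continue
        fi
        "$KEYGEN" -q -t "$ktype" -f "$key" -N '' -C '' || return 1
        echo "$key"
    done
}

# Entry point, e.g.: sh gen-host-keys.sh --run /etc/ssh/sshd_config
if [ "${1:-}" = "--run" ]; then
    generate_missing_host_keys "${2:-/etc/ssh/sshd_config}"
fi
```

Unlike `ssh-keygen -A`, which creates every default key type that is missing, this leaves out key types the configuration does not list.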

